Author: jmm Date: 2011-01-25 19:01:58 +0000 (Tue, 25 Jan 2011) New Revision: 15962 Modified: data/CVE/list Log: shib issue doesn't affect Debian updated status on several drupal mods, none affect testing or stable mojarra not-affected xulrunner issue only affected experimental Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-01-25 17:47:53 UTC (rev 15961) +++ data/CVE/list 2011-01-25 19:01:58 UTC (rev 15962) @@ -6,9 +6,8 @@ - redmine 1.0.5-1 (bug #608397) NOTE: http://www.redmine.org/news/49 CVE-2011-XXXX [shibboleth Single TransientID Mapped to Multiple Principals] - - shibboleth-sp2 <unfixed> + NOTE: Not packaged in Debian, separate package Shibboleth IdP NOTE: http://shibboleth.internet2.edu/secadv/secadv_20110113.txt - TODO: report & request id CVE-2011-0520 [maradns crash with long queries] RESERVED - maradns <unfixed> (bug #610834) @@ -1770,14 +1769,11 @@ CVE-2010-4522 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka ...) NOT-FOR-US: MyBB CVE-2010-4521 (Cross-site scripting (XSS) vulnerability in the Views module 6.x ...) - - drupal6-mod-views <undetermined> - TODO: check + - drupal6-mod-views 2.12-1 CVE-2010-4520 (Multiple cross-site scripting (XSS) vulnerabilities in the Views ...) - - drupal6-mod-views <undetermined> - TODO: check + - drupal6-mod-views 2.11-1 CVE-2010-4519 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) - - drupal6-mod-views <undetermined> - TODO: check + - drupal6-mod-views 2.11-1 CVE-2010-4518 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Safe Search plugin for WordPress CVE-2010-4517 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) ...) 
@@ -3143,8 +3139,7 @@ {DSA-2128-1} - libxml2 2.7.8.dfsg-1 (bug #602609) CVE-2010-4007 (Oracle Mojarra uses an encrypted View State without a Message ...) - - mojarra <unfixed> - TODO: check + - mojarra <not-affected> (Fixed before initial upload, in 2.0.1) CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN Links ...) NOT-FOR-US: WSN Links CVE-2010-4005 (The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and ...) @@ -3739,13 +3734,7 @@ - iceape 2.0.11-1 [lenny] - iceape <not-affected> (Only a stub package) CVE-2010-3777 (Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and ...) - - xulrunner <removed> - - icedove <undetermined> - - iceweasel <undetermined> - [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) - - iceape <undetermined> - [lenny] - iceape <not-affected> (Only a stub package) - TODO: check + - iceweasel <not-affected> (Only affects Firefox 3.6, which is only in experimental) CVE-2010-3776 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2132-1} - xulrunner <removed> @@ -7617,11 +7606,9 @@ CVE-2010-2354 (SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS ...) NOT-FOR-US: Pilot Group eLMS Pro CVE-2010-2353 (The Node Reference module in Content Construction Kit (CCK) module 6.x ...) - - drupal6-mod-cck <undetermined> - TODO: check + - drupal6-mod-cck <not-affected> (Fixed before initial upload) CVE-2010-2352 (The Node Reference module in Content Construction Kit (CCK) module 5.x ...) - - drupal6-mod-cck <undetermined> - TODO: check + - drupal6-mod-cck <not-affected> (Fixed before initial upload) CVE-2010-2351 (Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 ...) NOT-FOR-US: Novell Netware CVE-2010-2350 (Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows ...) 
@@ -22578,11 +22565,9 @@ CVE-2009-2078 (Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x ...) NOT-FOR-US: Booktree module for drupal CVE-2009-2077 (Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote ...) - - drupal6-mod-views <undetermined> - TODO: check + - drupal6-mod-views <not-affected> (Fixed before initial upload) CVE-2009-2076 (Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, ...) - - drupal6-mod-views <undetermined> - TODO: check + - drupal6-mod-views <not-affected> (Fixed before initial upload) CVE-2009-2075 (Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for ...) NOT-FOR-US: Nodequeue module for Drupal CVE-2009-2074 (Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before ...)
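Review bot: In the @@ -6,9 +6,8 @@ hunk, the CVE-2011-XXXX shibboleth entry is left with only NOTE lines and no status, because `- shibboleth-sp2 <unfixed>` is removed and nothing takes its place. Other entries in this file for software outside Debian carry an explicit marker (for example `NOT-FOR-US: MyBB`). If the affected component is the separately shipped Shibboleth IdP, `NOT-FOR-US: Shibboleth IdP` would say so in the form the rest of the list uses, with the free-text NOTE kept only as explanation.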
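Review bot: In the @@ -1770,14 +1769,11 @@ hunk, the three drupal6-mod-views entries (CVE-2010-4521, CVE-2010-4520, CVE-2010-4519) gain fixed versions 2.12-1 and 2.11-1 with no reference showing where those versions come from. The redmine entry at the top of the file pairs its fixed version with a bug number and `NOTE: http://www.redmine.org/news/49`. A NOTE line pointing at the upstream advisory for each of these would let the next reader verify the version without repeating the check.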
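Review bot: In the @@ -3739,13 +3734,7 @@ hunk, the CVE-2010-3777 entry drops the xulrunner, icedove and iceape lines, but the one remaining reason, `(Only affects Firefox 3.6, which is only in experimental)`, is attached to iceweasel alone. The neighbouring CVE-2010-3776 still lists `- xulrunner <removed>`. Either keep explicit lines for the packages that were checked, or add a NOTE saying why icedove, iceape and xulrunner are out of scope, so that their absence reads as a decision rather than an omission.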
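Review bot: In the @@ -7617,11 +7606,9 @@ hunk, both drupal6-mod-cck entries use `(Fixed before initial upload)` without naming the version that carried the fix, whereas the mojarra entry in this same commit records it (`in 2.0.1`). Adding the upstream version here would make the reason checkable. CVE-2010-2352 is described for the CCK 5.x module while the package is drupal6-mod-cck, so it is worth confirming that the same reason applies to it as to CVE-2010-2353.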